get-pip.py fails to bootstrap PIP installation on my Ubuntu 14.04.1 with Certificate verification error.

[sudhakso]

get-pip.py fails to bootstrap PIP installation on my Ubuntu 14.04.1.

~$ curl -o /home/sudhakso/devstack/files/get-pip.py https://bootstrap.pypa.io/get-pip.py
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 1546k  100 1546k    0     0   261k      0  0:00:05  0:00:05 --:--:--  339k
~$  sudo -H -E python /home/sudhakso/devstack/files/get-pip.py
Collecting pip
  Could not find any downloads that satisfy the requirement pip
  No distributions at all found for pip

And when I do,

~$ pip install --upgrade pypdf2 -vvv
results in this error -
 pip install --upgrade pypdf2 -vvv
Downloading/unpacking pypdf2
  Getting page https://pypi.python.org/simple/pypdf2/
  Could not fetch URL https://pypi.python.org/simple/pypdf2/: connection error: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://pypi.python.org/simple/pypdf2/ when looking for download links for pypdf2
  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: connection error: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://pypi.python.org/simple/ when looking for download links for pypdf2
  Cannot fetch index base URL https://pypi.python.org/simple/
  URLs to search for versions for pypdf2:
  * https://pypi.python.org/simple/pypdf2/
  Getting page https://pypi.python.org/simple/pypdf2/
  Could not fetch URL https://pypi.python.org/simple/pypdf2/: connection error: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  Will skip URL https://pypi.python.org/simple/pypdf2/ when looking for download links for pypdf2
  Could not find any downloads that satisfy the requirement pypdf2
Cleaning up...
  Removing temporary dir /tmp/pip_build_sudhakso...
No distributions at all found for pypdf2
Exception information:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/pip/basecommand.py", line 122, in main
    status = self.run(options, args)
  File "/usr/lib/python2.7/dist-packages/pip/commands/install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/usr/lib/python2.7/dist-packages/pip/req.py", line 1177, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "/usr/lib/python2.7/dist-packages/pip/index.py", line 277, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
DistributionNotFound: No distributions at all found for pypdf2

From the error it is very clear certificate verification failed. But why? Is it because OPEN-SSL version
doesn't support SHA256 MD cipher?

But my openSSL configuration states it support SHA256 for MD.

~$ openssl ciphers  -v | grep ^AES256-SHA256
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256

looks a similar issue like #2050

[dstufft]

Is this still happening?

[sudhakso]

Yes. It does. But only while I am behind the corporate proxy.
Mostly the issue is in the environment.

The above problem is seen when your system date and time is running behind the current date and time. Internally get-pip.py script uses 'https' for downloading the packages, and this requires the client to get its certificate validated by server. Because the system clock is running behind, the certificate is also considered to be old hence validation fails resulting in above error.

This is the reason why the cert verification fails. Could we improve reporting this in get-pip.py?

[xavfernandez]

Well what did python get-pip.py --verbose print ?

[StummeJ]

When run python get-pip.py --verbose:

Collecting pip
  Getting page https://pypi.python.org/simple/pip/
  Starting new HTTPS connection (1): pypi.python.org
  Could not fetch URL https://pypi.python.org/simple/pip/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) - skipping
  1 location(s) to search for versions of pip:
  * https://pypi.python.org/simple/pip/
  Getting page https://pypi.python.org/simple/pip/
  Starting new HTTPS connection (2): pypi.python.org
  Could not fetch URL https://pypi.python.org/simple/pip/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) - skipping
  Could not find a version that satisfies the requirement pip (from versions: )
Cleaning up...
No matching distribution found for pip

[afollestad]

Same issue here, quite annoying.

[gnthibault]

Same here, is there a way to bypass certificate checking for ssl connections ?

[gsmithufl]

same.

[dstufft]

I'm going to close this, this appears to be an environmental issue, either with a failing proxy or something similar. In any case, for some reason your Python is unable to validate TLS certificates and you'll need to resolve that before get-pip.py is able to function.

[ajeans]

As a reference if anyone gets the same problem, I solved this issue with:
./get-pip.py --trusted-host pypi.python.org

[AndresUrregoAngel]

@ajenas what do you mean with this command? where can I run it because I copied and pasted and it didnt go thru.
thanks

[ajeans]

@AndresUrregoAngel if you get the problem above with get-pip.py (that says that it cannot accept the SSL certificate for pypi.python.org), the command I gave tells get-pip to proceed despite the SSL problem.
The next time you launch get-pip, it should work or fail later :-)

[AndresUrregoAngel]

@ajeans I'm running:
curl -O https://bootstrap.pypa.io/get-pip.pypython35 get-pip.py

and then I'm getting the error: curl(6) couldnt resolve host get-pip.py

How should I run it ? thanks so much

[benoit-pierre]

@AndresUrregoAngel: curl -o get-pip.py https://bootstrap.pypa.io/get-pip.py

[Akasurde]

# python get-pip.py --trusted-host pypi.org --trusted-host files.pythonhosted.org